//package com.up.vms.interfaces.rest.security;
//
//import com.up.vms.interfaces.oauth.filter.JWTAuthenticationFilter;
//import com.up.vms.interfaces.oauth.jwt.CustomAuthenticationProvider;
//import com.up.vms.interfaces.oauth.jwt.JwtTokenUtil;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.security.authentication.AuthenticationDetailsSource;
//import org.springframework.security.authentication.AuthenticationProvider;
//import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.session.SessionRegistryImpl;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.access.channel.ChannelProcessingFilter;
//import org.springframework.security.web.authentication.WebAuthenticationDetails;
//import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
//
//import javax.servlet.http.HttpServletRequest;
//
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class MultiHttpSecurityConfig {
//
//    @Bean
//    public UserDetailsService userDetailsService() {
//        return new UserContextServiceImpl();
//    }
//
//    @Configuration
//    @Order(1)
//    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//        //需要拦截的URL
//        private final String[] AUTH_BLACK_LIST = {"/app/**", "/res/**", "/vms/v1/banner/**"};
//        private UserDetailsService jwtUserDetailService;
//        private BCryptPasswordEncoder bCryptPasswordEncoder;
//        @Autowired
//        private JwtTokenUtil jwtTokenUtil;
//
//        public WebSecurityConfig(UserDetailsService jwtUserDetailService) {
//            this.jwtUserDetailService = jwtUserDetailService;
//            this.bCryptPasswordEncoder = new BCryptPasswordEncoder();
//        }
//
//        //设置 HTTP 验证规则
//        @Override
//        protected void configure(HttpSecurity http) throws Exception {
//            http.cors().and()
//                    .csrf().disable()
//                    //去掉session管理
////                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                    // 所有请求需要身份认证
//                    //.and().authorizeRequests().antMatchers(AUTH_WHITELIST).permitAll().anyRequest().authenticated()
//                    //拦截所有app开头的
////                    .and()
//                    .authorizeRequests().antMatchers(AUTH_BLACK_LIST).authenticated()
//                    //其他全部放行
////                    .anyRequest().permitAll()
//                    .and().addFilter(new JWTAuthenticationFilter(authenticationManager())).logout() // 默认注销行为为logout，可以通过下面的方式来修改
//                    .logoutUrl("/oauth/app_logout").logoutSuccessUrl("/oauth/app_login").permitAll()
//                    ;//设置注销成功后跳转页面，默认是跳转到登录页面;
//        }
//
//        //该方法是登录的时候会进入
//        @Override
//        public void configure(AuthenticationManagerBuilder auth) throws Exception {
//            // 使用自定义身份验证组件
//            auth.authenticationProvider(new CustomAuthenticationProvider(jwtUserDetailService, bCryptPasswordEncoder, jwtTokenUtil));
//        }
//    }
//
//
//    @Configuration
//    @Order(2)
//    public class SecurityConfig extends WebSecurityConfigurerAdapter {
//
//        @Autowired
//        private CustomBasicAuthenticationEntryPoint customBasicAuthenticationEntryPoint;
//
//        @Bean
//        public PasswordEncoder passwordEncoder() {
//            return new BCryptPasswordEncoder();
//        }
//
//        @Override
//        @Bean
//        public UserDetailsService userDetailsService() {
//            return new UserContextServiceImpl();
//        }
//
//        @Bean
//        public CustomLogoutSuccessHandler customLogoutSuccessHandler() {
//            return new CustomLogoutSuccessHandler();
//        }
//
//        /**
//         * 自定义authenticationProvider
//         *
//         * @return
//         */
//        @Bean
//        public AuthenticationProvider authenticationProvider() {
//            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
//            daoAuthenticationProvider
//                    .setPasswordEncoder(passwordEncoder());
//            daoAuthenticationProvider.setUserDetailsService(userDetailsService());
//            daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
//
//            return daoAuthenticationProvider;
//        }
//
//        @Override
//        public void configure(WebSecurity web) throws Exception {
//            web.ignoring()
//                    .antMatchers("/webjars/**", "/css/**", "/js/**", "/images/**", "/fonts/**");
//        }
//
//        @Override
//        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//            auth.authenticationProvider(authenticationProvider());
//
//        }
//
//        @Override
//        protected void configure(HttpSecurity http) throws Exception {
//            http
////                    .addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class)
//                    .headers()
//                    .frameOptions()
//                    .disable()
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers("/system/initData").permitAll()
//                    .antMatchers("/actuator/**").permitAll()
//                    .antMatchers("/login").permitAll()
//                    .antMatchers("/swagger-ui.html").permitAll()
//                    .antMatchers("/v2/api-docs").permitAll()
//                    .antMatchers("/swagger-resources/**").permitAll()
//                    .antMatchers("/admin/logout").permitAll()
////                    .antMatchers("/app/**").permitAll()
////                    .antMatchers("/res/**").permitAll()
////                    .antMatchers("/vms/v1/banner/**").permitAll()
//                    .antMatchers("/vms/v1/video/pfop/notify").permitAll()
////                .antMatchers("/**").permitAll()
//                    .anyRequest()
//                    .authenticated()
//                    .and()
//                    .httpBasic()
//                    .authenticationEntryPoint(customBasicAuthenticationEntryPoint)
//                    .and()
//                    .exceptionHandling().accessDeniedPage("/login")
//                    .and()
//                    .formLogin()
//                    .loginProcessingUrl("/login")
//                    .authenticationDetailsSource(authenticationDetailsSource())
//                    .successHandler(new CustomAuthenticationSuccessHandler())
//                    .failureHandler(
//                            new CustomAuthenticationFailureHandler()
//                    )
//                    .and()
//                    .sessionManagement()
////            SessionCreationPolicy.IF_REQUIRED    仅当需要时，创建session
//                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//                    // 防止篡改session
//                    .sessionFixation()
//                    .changeSessionId()
//                    .maximumSessions(30)
//                    .maxSessionsPreventsLogin(true)
//                    .sessionRegistry(new SessionRegistryImpl())
//                    .expiredUrl("/?expired")
//                    .and()
//                    .and()
//                    .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
//                    .disable()
//            ;
//
//            http.logout()
//                    .logoutUrl("/logout")
//                    .logoutSuccessUrl("/login")
//                    .logoutSuccessHandler(customLogoutSuccessHandler())
//                    .invalidateHttpSession(true)
//                    .clearAuthentication(true)
//                    .deleteCookies("JSESSIONID");
//        }
//
//        private AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource() {
//
//            return request -> new WebAuthenticationDetails(request);
//        }
//
//    }
//
//}
